1 /* 2 * Copyright 2021, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 /****************************************************************************** 17 * 18 * The original Work has been changed by NXP. 19 * 20 * Licensed under the Apache License, Version 2.0 (the "License"); 21 * you may not use this file except in compliance with the License. 22 * You may obtain a copy of the License at 23 * 24 * http://www.apache.org/licenses/LICENSE-2.0 25 * 26 * Unless required by applicable law or agreed to in writing, software 27 * distributed under the License is distributed on an "AS IS" BASIS, 28 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 * See the License for the specific language governing permissions and 30 * limitations under the License. 31 * 32 * Copyright 2022-2023 NXP 33 * 34 ******************************************************************************/ 35 #pragma once 36 37 #include <cppbor.h> 38 39 #include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h> 40 #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h> 41 #include <aidl/android/hardware/security/keymint/SecurityLevel.h> 42 43 #include <keymaster/UniquePtr.h> 44 #include <keymaster/android_keymaster.h> 45 46 #include "CborConverter.h" 47 #include "JavacardSecureElement.h" 48 49 namespace aidl::android::hardware::security::keymint { 50 using ::keymint::javacard::CborConverter; 51 using ::keymint::javacard::JavacardSecureElement; 52 using ndk::ScopedAStatus; 53 using std::shared_ptr; 54 55 class JavacardRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedComponent { 56 public: JavacardRemotelyProvisionedComponentDevice(shared_ptr<JavacardSecureElement> card)57 explicit JavacardRemotelyProvisionedComponentDevice(shared_ptr<JavacardSecureElement> card) 58 : card_(std::move(card)) {} 59 60 virtual ~JavacardRemotelyProvisionedComponentDevice() = default; 61 62 ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override; 63 64 ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey, 65 std::vector<uint8_t>* privateKeyHandle) override; 66 67 ScopedAStatus generateCertificateRequest(bool testMode, 68 const std::vector<MacedPublicKey>& keysToSign, 69 const std::vector<uint8_t>& endpointEncCertChain, 70 const std::vector<uint8_t>& challenge, 71 DeviceInfo* deviceInfo, ProtectedData* protectedData, 72 std::vector<uint8_t>* keysToSignMac) override; 73 74 ScopedAStatus generateCertificateRequestV2(const std::vector<MacedPublicKey>& keysToSign, 75 const std::vector<uint8_t>& challenge, 76 std::vector<uint8_t>* csr) override; 77 // Methods from ::ndk::ICInterface follow. 78 binder_status_t dump(int fd, const char** args, uint32_t num_args) override; 79 80 private: 81 ScopedAStatus beginSendData(const std::vector<MacedPublicKey>& keysToSign, 82 const std::vector<uint8_t>& challenge, DeviceInfo* deviceInfo, 83 uint32_t* version, std::string* certificateType); 84 85 ScopedAStatus updateMacedKey(const std::vector<MacedPublicKey>& keysToSign, 86 cppbor::Array& coseKeys); 87 88 ScopedAStatus finishSendData(std::vector<uint8_t>& coseEncryptProtectedHeader, 89 std::vector<uint8_t>& signature, uint32_t& version, 90 uint32_t& respFlag); 91 ScopedAStatus getDiceCertChain(std::vector<uint8_t>& diceCertChain); 92 ScopedAStatus getUdsCertsChain(std::vector<uint8_t>& udsCertsChain); 93 std::shared_ptr<JavacardSecureElement> card_; 94 CborConverter cbor_; 95 }; 96 97 } // namespace aidl::android::hardware::security::keymint 98